I recently finished building my home alarm system and it got me thinking about all the different aspects of security design.
Just to clarify right at the beginning: there is no 100% secure system. A perfectly secure system is not achievable in practice: every real system has a non-zero chance of failing, and given enough time a non-zero chance per attempt adds up to a near certainty that the system will fail at some point. Security is a balancing act between the cost of the system and the risks it covers or leaves open. (Keep that in mind the next time you see an ad saying your bank or whatever company offers you complete security.) With that said, it’s not really a problem, because you don’t actually need a system that is 100% secure, just one that is secure enough.
So what is secure enough? That’s completely up to you and the situation you’re in, so when you’re designing a security system you need to consider a few things. Every break-in carries a risk and a reward from the intruder’s perspective. When designing the system, you’re simply trying to make the attacker’s risk (the effort required and the chance of getting caught) greater than the reward they can expect.
The following guidelines are generic enough to cover information security and the physical security of your home or office or any place you can imagine, be it private or public.
- Targeted vs random
There are 2 very distinct types of attack: either it’s targeted at you specifically, or it’s a random one that you just happen to be the victim of. You need to ask yourself how likely each one is, and design the system according to the answer. If you’re a regular human being with average wealth, there is a pretty high chance that you will only need to worry about a random break-in to your home and not so much about a targeted one. If you’re designing security for an airport, not too many of those will be attacked on impulse, except for maybe a bar fight at the terminal or in case of a zombie apocalypse.
- Visibility vs obscurity
When is it better to show off what you’ve got (be it real or fake), and when is it better to hide it? Installing a fake camera might convince a random burglar to move on to somewhere else, but if you’re being targeted, it will not help much. Having a vault that is time-locked and takes 15 minutes to open will make the job of bank robbers more complicated. Putting out a sign announcing that fact will enable them to do better planning. (In this case better planning by the bank robbers might lead to saving lives, which is one of the factors when designing the system.) Think about whether it’s a good idea to put a sign on your door saying “RFID controlled area – have your key-card ready”. Regardless of whether you actually have an RFID reader or not, this might scare someone away, but it might also give them the idea that it’s worth taking a look inside. In some cases you will want to seem better protected than you actually are, but not so much better protected than the others around you that you stand out as the place worth the extra effort. In other cases you might conclude that parking a rusty old car in front of your house will be enough to convince people that it’s not worth breaking in.
- 2 factor vs 3 factor authentication
The 3 factors of authentication are: something you have, something you know, and something you are. A key to your door lock is something you have. It’s a physical object you need to have with you in order to unlock the door. A password is something you know. You need to prove that you know the password by typing it in, so that you can unlock your computer. A fingerprint or a retina is something you are, something that is inseparable from you as a person and that identifies you and nobody else. (Note the flip side: unlike a password or a key-card, a fingerprint can’t be changed or reissued if a copy of it leaks.) There is no silver bullet in terms of using these; you need to combine them in a way that makes sense. When you go to an ATM with your bank card (something you have) and a PIN code (something you know) you’re using 2 factor authentication because it uses 2 out of the 3. If you require a key-card (something you have) and need to enter a PIN code (something you know) and have to pass a fingerprint scanner (something you are) when entering a building, that’s 3 factor authentication. Two credentials from the same category, say a PIN plus a password, are still just one factor: what counts is the number of distinct categories an attacker has to defeat. Keep in mind that the more complex the system, the more secure it might be, but also the more difficult and expensive to install and maintain. Don’t spend more on the vault than the value of what you’re going to store in it.
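To make the "2 out of the 3" rule concrete, here is an added example (written for this page, not code from the author’s alarm system) of an access check that counts factors by category rather than by number of credentials presented. The user name, card ID, PIN and fingerprint template are constructed sample values, and the fingerprint is modelled as a stable template string that the reader is assumed to produce; real biometric matching is fuzzy and happens inside the scanner.

```python
"""Count authentication factors by category (have / know / are), not by credential.

Illustrative code added for this page; names, IDs, PIN and template are made up.
"""
import hashlib
import hmac
import os
from dataclasses import dataclass

# Which of the three categories each kind of credential proves.
CATEGORY = {
    "keycard": "have",      # something you have
    "pin": "know",          # something you know
    "fingerprint": "are",   # something you are
}


@dataclass(frozen=True)
class Credential:
    kind: str
    value: str


def _pin_hash(pin: str, salt: bytes) -> bytes:
    # Store a salted, slow hash of the PIN rather than the PIN itself.
    return hashlib.pbkdf2_hmac("sha256", pin.encode(), salt, 100_000)


class User:
    def __init__(self, name: str, card_id: str, pin: str, fingerprint_template: str):
        self.name = name
        self.card_id = card_id
        self.salt = os.urandom(16)
        self.pin_hash = _pin_hash(pin, self.salt)
        # Assumption: the reader yields a stable template string for this person.
        self.fingerprint_template = fingerprint_template

    def check(self, cred: Credential) -> bool:
        """Verify one credential; constant-time comparisons throughout."""
        if cred.kind == "keycard":
            return hmac.compare_digest(cred.value, self.card_id)
        if cred.kind == "pin":
            return hmac.compare_digest(_pin_hash(cred.value, self.salt), self.pin_hash)
        if cred.kind == "fingerprint":
            return hmac.compare_digest(cred.value, self.fingerprint_template)
        return False  # unknown credential type never counts


def count_factors(user: User, creds) -> int:
    """Number of distinct categories proven by *valid* credentials.

    Presenting the same key-card twice, or a wrong PIN, does not add a factor.
    """
    proven = set()
    for cred in creds:
        if cred.kind in CATEGORY and user.check(cred):
            proven.add(CATEGORY[cred.kind])
    return len(proven)


def authorize(user: User, creds, required_factors: int) -> bool:
    """Policy check: e.g. an ATM wants 2 factors, a server-room door 3."""
    return count_factors(user, creds) >= required_factors


if __name__ == "__main__":
    alice = User("alice", "CARD-1234", "4711", "FP-TEMPLATE-A")
    atm = [Credential("keycard", "CARD-1234"), Credential("pin", "4711")]
    print("ATM (2 factors required):", authorize(alice, atm, 2))
    print("Server room (3 factors required):", authorize(alice, atm, 3))
```

The point the code makes that the prose only states: `count_factors` returns 1 for a key-card presented together with a second key-card, and 1 for a key-card plus a wrong PIN, so the policy in `authorize` can’t be satisfied by stacking credentials of the same kind.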
- Risk management: occurrence vs impact
Adding more locks to your door increases the effort required to break in, which increases the risk of being caught while doing it, but it doesn’t reduce the potential damage if someone does get in. Setting up a siren that wakes up the whole neighborhood might not make it more complicated to get in, but it sure as hell minimizes the damage and maximizes the chance of catching the bad guy. Another way to minimize damage is keeping your valuables out of sight; just remember not to hide stuff inside something that is worth stealing. You might consider placing a few items in plain sight that look like they’re worth something, but are actually worthless: cheap jewelry that doesn’t look cheap, electronics that don’t work anymore, a fancy-looking wallet which you can fill with paper. The thief might decide to just pick up whatever is in sight and leave quickly before their luck runs out. (You can even set up one of these easy targets to trigger another alarm.) Having insurance might also reduce the damage; just make sure you read all the fine print and terms & conditions before agreeing to anything.
- Notification and/or logging
Are you just trying to scare the burglar away, or does someone need to be notified in case of an event? (The police, a security guard in the building, you, or one of the neighbors maybe?) Do you need to log every time a door is opened and whose key-card was used to open it, so that you can review the logs later? Remember that you will need to keep contact details updated in the first case, and manage/archive/delete the logs in the second one. The same goes for video surveillance: you’ll need to manage the recordings and make sure you have enough storage space, and make sure the logs and recordings can’t be altered or deleted by the very person you would want to catch with them.
- Legal concerns
There might be laws and regulations applicable, so remember to consider those and consult a legal professional as necessary. For example, if you’re recording a video feed, you might be required by law to store the data at a separate and physically secure location, and to destroy it after a certain time period.
- Think it over from the other side: the weakest link, the simplest way in
Think about what you would do if you wanted to compromise the system. How might others approach the problem? It’s nice to have a 26 character password and military grade encryption to protect your entire fortune, but it’s kind of pointless if someone can just hit you with a $10 wrench until you give them the password. How can you avoid getting into that situation? And if you can’t avoid it, is there a fail-safe in place?
- Don’t lock yourself in the tower
I mean this one quite literally. Are you going to be able to get in and out of your home if there’s a power outage? What about the firemen in case there’s a fire? Decide for each lock whether it should fail open (fail-safe, so people can always get out) or fail locked (fail-secure), because a door that does the wrong one in an emergency is a safety problem, not just a security one. If you set up your phone to unlock the door, what happens if the phone is stolen or the battery dies? Securing a data center is important, but does the support team have enough access (physical or otherwise) if something goes wrong?
- Keep the system up to date
Think about whether it’s necessary to keep the system updated and how you will do that. The threats you will face tomorrow might be different from the ones today, as technology advances and as the social/political/economic situation changes. If you’re building an offline alarm system for a building, you may get away with few or no software upgrades. However, if the system is connected to the internet, you will need to do patching at least from time to time, and you should know in advance how you will get updates onto it. Also consider how often you should review the system to decide whether it’s still good enough or not.
- Have a contingency plan
Even the most carefully designed system is not perfect, and will break down eventually. This is a fact, not a possibility. When the system is compromised, having a plan in place can make a big difference. If your RFID tag is lost or stolen, how will you invalidate it and set up a new one, and how long will that take? How long will it take to notice that it’s missing in the first place? Is the level of security still going to be acceptable in the meantime? If your wallet is stolen, would you be able to list all the cards that were in it, and do you know all the phone numbers you need to call asap? How much time is realistically acceptable before the risk of someone stealing your money or your identity is too high? When designing your system, think about how you will deal with inevitable problems and plan ahead for the different possible scenarios as necessary.
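The logging point from the notification section and the lost-tag scenario above are really one problem: the log is what tells you how long the lost tag stayed valid and what it opened in the meantime. Below is an added example (written for this page, not code from the author’s system) of a small door controller that logs every card presentation, revokes a card once it is reported lost, raises a notification when a revoked card is presented, prunes the log for retention, and reviews the log to measure the exposure window. Card IDs, door names and timestamps are constructed sample data.

```python
"""Door access log with card revocation, notification, retention and review.

Illustrative code added for this page; all cards, doors and times are made up.
"""
from dataclasses import dataclass
from datetime import datetime, timedelta


@dataclass
class AccessEvent:
    when: datetime
    door: str
    card_id: str
    granted: bool
    reason: str


class DoorController:
    def __init__(self):
        self.cards = {}      # card_id -> holder name
        self.revoked = {}    # card_id -> time it was invalidated
        self.log = []        # every presentation, granted or not
        self.notify = []     # messages that would go to the owner / guard

    def issue(self, card_id: str, holder: str) -> None:
        self.cards[card_id] = holder

    def revoke(self, card_id: str, when: datetime) -> None:
        """Invalidate a lost or stolen card; the holder gets a fresh card ID."""
        self.revoked[card_id] = when

    def present(self, card_id: str, door: str, when: datetime) -> bool:
        """Decide, log, and notify. Returns whether the door was opened."""
        if card_id in self.revoked:
            granted, reason = False, "revoked card"
            # A revoked card turning up is exactly the event someone should hear about.
            self.notify.append(f"{when:%Y-%m-%d %H:%M} revoked card {card_id} used at {door}")
        elif card_id not in self.cards:
            granted, reason = False, "unknown card"
        else:
            granted, reason = True, "ok"
        self.log.append(AccessEvent(when, door, card_id, granted, reason))
        return granted

    def prune(self, before: datetime) -> int:
        """Delete log entries older than the retention cut-off; returns how many."""
        kept = [e for e in self.log if e.when >= before]
        removed = len(self.log) - len(kept)
        self.log = kept
        return removed


def exposure_window(ctl: DoorController, card_id: str, lost_at: datetime):
    """How long a lost card stayed valid, and which doors it opened meanwhile.

    Returns (timedelta or None if never revoked, list of granted events).
    """
    revoked_at = ctl.revoked.get(card_id)
    end = revoked_at if revoked_at is not None else datetime.max
    used = [e for e in ctl.log
            if e.card_id == card_id and e.granted and lost_at <= e.when < end]
    window = None if revoked_at is None else revoked_at - lost_at
    return window, used


if __name__ == "__main__":
    ctl = DoorController()
    ctl.issue("CARD-42", "alice")
    t0 = datetime(2024, 1, 15, 8, 0)
    ctl.present("CARD-42", "front", t0)                       # legitimate use
    lost = t0 + timedelta(hours=1)                            # card goes missing
    ctl.present("CARD-42", "server-room", lost + timedelta(hours=2))  # still valid!
    ctl.revoke("CARD-42", lost + timedelta(hours=6))          # noticed and revoked
    ctl.present("CARD-42", "front", lost + timedelta(hours=7))         # now denied
    window, used = exposure_window(ctl, "CARD-42", lost)
    print("card stayed valid for", window, "and opened", [e.door for e in used])
    print("notifications:", ctl.notify)
```

The number `exposure_window` returns is the one the contingency plan should be judged on: six hours between losing the card and revoking it, during which the log shows the server room being opened. Shortening that window (noticing faster, revoking faster) is what the plan is for, and `prune` is the retention step you owe both your storage and the regulations mentioned under legal concerns.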
As I said in the beginning, there is no 100% solution. But following these guidelines will give you the best possible chance of designing a system that is secure enough for your purpose.